CVE-2022-47208: Command Injection
First published: Fri Dec 16 2022(Updated: )
The “puhttpsniff” service, which runs by default, is susceptible to command injection due to improperly sanitized user input. An unauthenticated attacker on the same network segment as the router can execute arbitrary commands on the device without authentication.
Credit: vulnreport@tenable.com vulnreport@tenable.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Netgear Nighthawk AX1800 | <1.0.9.90 | |
| Netgear Nighthawk AX1800 Firmware | ||
| All of | ||
| Netgear Nighthawk AX2400 | <1.0.9.90 | |
| Netgear Nighthawk AX2400 | ||
| All of | ||
| Netgear Nighthawk AX3000 Firmware | <1.0.9.90 | |
| Netgear Nighthawk AX3000 | ||
| All of | ||
| Netgear Nighthawk AX5400 | <1.0.9.90 | |
| Netgear Nighthawk AX5400 Firmware | ||
| All of | ||
| Netgear Nighthawk AX6000 Firmware | <1.0.9.90 | |
| Netgear Nighthawk AX6000 Firmware | ||
| All of | ||
| Netgear Nighthawk AX11000 | <1.0.9.90 | |
| Netgear Nighthawk Pro Gaming WiFi 6 Router | ||
| Netgear Nighthawk AX1800 | <1.0.9.90 | |
| Netgear Nighthawk AX1800 Firmware | ||
| Netgear Nighthawk AX2400 | <1.0.9.90 | |
| Netgear Nighthawk AX2400 | ||
| Netgear Nighthawk AX3000 Firmware | <1.0.9.90 | |
| Netgear Nighthawk AX3000 | ||
| Netgear Nighthawk AX5400 | <1.0.9.90 | |
| Netgear Nighthawk AX5400 Firmware | ||
| Netgear Nighthawk AX6000 Firmware | <1.0.9.90 | |
| Netgear Nighthawk AX6000 Firmware | ||
| Netgear Nighthawk AX11000 | <1.0.9.90 | |
| Netgear Nighthawk Pro Gaming WiFi 6 Router |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-47208?
CVE-2022-47208 is considered a high severity vulnerability that allows unauthenticated attackers to execute arbitrary commands on the vulnerable device.
How do I fix CVE-2022-47208?
To fix CVE-2022-47208, update the firmware of your Netgear Nighthawk device to a version higher than 1.0.9.90.
Which devices are affected by CVE-2022-47208?
CVE-2022-47208 affects the Netgear Nighthawk models with firmware versions up to 1.0.9.90, including AX1800, AX2400, AX3000, AX5400, AX6000, and AX11000.
Can CVE-2022-47208 be exploited remotely?
CVE-2022-47208 requires the attacker to be on the same network segment as the router, making remote exploitation unlikely.
Is exploit code available for CVE-2022-47208?
Currently, there is no public exploit code available for CVE-2022-47208, but the vulnerability is serious enough to warrant immediate attention.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/first-publish-date
- agent/description
- agent/last-modified-date
- agent/author
- agent/event
- agent/source
- agent/weakness
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/netgear
- canonical/netgear nighthawk ax1800
- canonical/netgear nighthawk ax1800 firmware
- canonical/netgear nighthawk ax2400
- canonical/netgear nighthawk ax3000 firmware
- canonical/netgear nighthawk ax3000
- canonical/netgear nighthawk ax5400
- canonical/netgear nighthawk ax5400 firmware
- canonical/netgear nighthawk ax6000 firmware
- canonical/netgear nighthawk ax11000
- canonical/netgear nighthawk pro gaming wifi 6 router